Hi,
I want to build an RPM package which contains an custom SELinux policy for the daemon. I know that there is a new, more modularized SELinux architecture in FC5 and later (which makes this probably much easier) but I need to support RHEL 4/CentOS, too.
I know how to use audit2allow to do some minor modifications but I don't know currently how to build RPM packages which ship a new SELinux policy without requiring the SELinux source modules (e.g. selinux-policy-targeted-sources) on RHEL 4 at install time.
Any pointers? Ideas welcome.
fs
I like to rephrase my question slightly:
My problem is very similar to this one: Author: Davide Bolcioni Date: 27 Apr 2005 Subject: "Is there a SELinux tutorial for ISVs ?" http://www.redhat.com/archives/fedora-selinux-list/2005-April/msg00244.html
If I understand this thread correctly, it is not possible to ship binary policies in CentOS/RHEL 4.
Reading the SELinux guide [1], I think it is possible to ship a complete policy but not a single/minor tweak to an existing policy. Correct?
fs
[1] "8.4. Deploying Customized Binary Policy", http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/se...
-
Felix Schwarz